In today's high-tech, fast-paced, hyper-connected world, people are spending more and more time on the internet to complete more of their daily activities such as online banking and shopping. The convenience afforded by the access and availability of the online world, however, is not without drawbacks. This increased access has brought with it an unparalleled growth in online fraudulent activity.
Reports about identity takeover, filled with phrases like Trojan, Man in the Middle, Man in the Browser, and Phishing, are increasingly in the news. These emerging threats have triggered a growing awareness by service providers and customers alike. These threats are serious and must be addressed.
Service providers, such as financial institutions, trying to encourage customer activity while at the same time minimizing losses from financial fraud, are looking for ways to deal with these threats. One possible way is to use a risk-based authentication system with a risk engine associated therewith to assign risk scores to transactions. The transactions with a low risk score can be processed. Those transactions with a high risk score can be rejected or else a further step up challenge can be issued. For example, the risk-based authentication system can be configured to challenge a user to confirm their identity in order to allow a transaction to proceed.
At the end of a processing interval (e.g., at the end of each day), the service provider can update the risk engine with the results of manually investigated transactions. For example, the service provider may have manually discovered particular transaction attributes that closely correlate with fraudulent transactions, such as certain times of the day, certain IP addresses, and certain geographical locations. The financial institution can then have the risk engine tuned for the next processing interval so that future transactions having these particular transaction attributes are given higher risk scores by the risk engine.
However, the above process of identifying particular transaction attributes that closely correlate with fraudulent transactions is time consuming and expensive. A need therefore exists for techniques for improving a risk-based authentication system.